Approved for Release: 2014/09/12 C05618308 



2T r rrTffrn n i iiiilli'iiiiiT 



Maintaining Vigilance 



Counterintelligence in the War Against Terrorism (U) 

Michael J. Sulick 



u 

Closer integration 
could maximize the 
contributions of 
powerful 
counterintelligence 
tools in the fight 
against terrorism. 



Michael J. Sulick served as the 
Associate Deputy Director for 
Operations at CIA. 



(b)(3)(c) 



US counterintelligence (CI) 
sometimes failed during the Cold 
War. Until unmasked, a number 
of Soviet spies inflicted serious 
damage on national security that 
could have shifted the balance in 
a war with the Soviet Union. The 
Soviets would have enjoyed sig- 
nificant military advantage 
armed with, among other secrets, 
the US Continuity of Govern- 
ment plan passed by Robert 
Hanssen, the volumes on US 
Navy capabilities from the 
Walker spy ring, and informa- 
tion on tactical nuclear weapons 
and military communications 
from retired Army Sgt. Clyde 
Conrad. Fortunately, the United 
States and the Soviet Union 
never went to war, and Moscow 
never had the opportunity to 
exploit the advantages gained 
from its Cold War spies. (U) 

Now, however, the United States 
is at war. The enemy can immedi- 
ately exploit information gained 
through espionage to launch 
attacks. Imagine a Hanssen or an 
Ames spying for a terrorist 
group, providing them data about 
US counterterrorist sources, 
analyses, and intelligence gaps — 
the damage could be cata- 
strophic. Terrorist espionage 
inside the US Intelligence Com- 
munity is no longer a remote 
possibility. Clandestine reporting 
has surfaced terrorist plans to 
infiltrate the community, and the 
number of government employ- 
ees and applicants investigated 
on suspicion of terrorist connec- 



tions is steadily increasing. 
Considering the potential speed 
of implementation and high-casu- 
alty focus of terrorist tactics, US 
counterintelligence cannot afford 
to fail to uncover enemy spies in 
this war. (U) 

Neutralizing espionage is only 
one of the roles that counterintel- 
ligence plays. CI also compiles 
and analyzes information on the 
enemy's security services to dis- 
rupt their intelligence collection 
against the United States and 
facilitate our penetration of their 
ranks. It establishes mecha- 
nisms to protect sensitive 
intelligence through compart- 
mentation, yet disseminate that 
intelligence to appropriate con- 
sumers. CI provides critical 
support to intelligence collection 
by vetting sources to ensure that 
information is comprehensive, 
accurate, and not designed to 
deceive — in the terrorist arena, 
disinformation from a single dou- 
ble agent could divert us from a 
real attack. The very nature of 
terrorist tactics, relying on sur- 
prise, clandestinity, and 
compartmentation, has thrust 
intelligence into a central role in 
the war against terrorism. (U) 

The critical role of intelligence in 
this war argues for closer inte- 
gration of counterintelligence 
and counterterrorist efforts than 
now exists. In a recent article in 
The Economist, six distinguished 
IC retirees emphasized the need 
for a new approach: ". . . the jobs 



Studies in Intelligence Vol. 48, No. 4 



I//MR 25 



Approved for Release: 2014/09/12 C05618308 



Approved for Release: 2014/09/12 C05618308 
SECRET//NOFORN//MR 
CI and Terrorism 



of countering terrorism and coun- 
tering hostile intelligence 
services are hardly distinguish- 
able from the other. To separate 
them artificially, as the IC does 
now, is to make a difficult task 
even harder." 1 Along the same 
line, retired Gen. William Odom, 
a former director of NSA, noted 
the link between counterintelli- 
gence and counterterrorism in 
testimony before the US Senate: 
"CI is intelligence about the 
enemy's intelligence . . . because 
terrorists have much in common 
with spies, operating clandes- 
tinely, CI must also include 
counterterrorism intelligence, 
both domestically and abroad." 2 
(S) 



(b)(1) 
(b)(3)(n) 



1 Bob Bryant, John Hamre, John Lawn, John 
MacGaffin, Howard Shapiro, Jeffrey Smith, 
"America Needs More Spies," The Economist, 10 
July 2003:3. (U) 

2 William Odom, Testimony to the US Senate 
Governmental Affairs Committee, 2 1 June 2002. 
(U) 



U 

Terrorists spy 
before they terrorize. 

55 



This article examines the many 
ways in which closer integration 
of these similar missions could 
maximize the contributions of 
powerful counterintelligence 
tools in the fight against terror- 
ism. (U) 



Terrorists as Intelligence 
Operatives (U) 

Simply put, terrorist groups oper- 
ate like intelligence services. 
Terrorists spy before they terror- 
ize. They case and observe their 
targets. They collect intelligence 
about their enemy's vulnerabili- 
ties from elicitation and open 
sources. They vet potential 
recruits by rigorous screening 
procedures. Like intelligence 
officers, terrorists practice trade- 
craft. Materials found in al- 
Qa'ida safehouses in Afghani- 
stan and other countries include 
training manuals on espionage 
tradecraft, such as the identifica- 
tion of clandestine meeting and 
deaddrop sites, techniques to 
recruit sources, covert communi- 
cations, and tracking and 
reporting on targets. (U) 

Terrorists also prepare their 
operatives to live cover with an 
intensity Soviet illegals would 
have envied. In an al-Qa'ida safe- 
house in Afghanistan, US forces 
discovered handwritten notes 
with guidance on operating 
under cover, including tips on 



traveling in alias, pocket litter to 
carry, and types of clothing to 
wear, down to details about the 
proper underwear to don in a for- 
eign land. 3 (U) 

For al-Qa'ida terrorists, living 
cover even has the sanction of 
Islamic doctrine. Some of the 
September 11 hijackers were 
believed to have been adherents 
of takfiri wal Hijra, an extremist 
offshoot of the Moslem Brother- 
hood spawned in the 1960s, 
whose adherents claim that the 
Koran advocates integration by 
Moslems into corrupt societies as 
a means of plotting attacks 
against them. 4 According to tak- 
firi precepts, al-Qa'ida operatives 
can play the infidel to gain access 
to the enemy 1 s targets and can 
even violate Islamic laws pro- 
vided that the goal justifies the 
otherwise illicit behavior. The 
September 11 hijackers wore 
expensive jewelry and sprayed 
themselves with cologne at US 
airports, believing that these 
Western traits would shield them 
from the scrutiny given orthodox 
Moslems. The immersion of these 
19 hijackers into American soci- 
ety tragically illustrates the 
effectiveness of living cover down 
to the smallest detail. (U) 

If terrorist groups operate like 
intelligence services, counterin- 
telligence can play the same role 
in combating them as it has and 



3 Susan B. Glasser, "A Terrorist's Guide to Infil- 
trating the West," The Washington Post, 9 De- 
cember 2001: Al.(U) 

4 Jane Corbin, The Base: Al Qaeda and the 
Changing Face of Global Terror (London: Simon 
& Schuster, 2002), 131-32. (U) 



26 SECRET//NOFORN//MR Studies in Intelligence Vol. 48, No. 4 

Approved for Release: 2014/09/12 C05618308 



Approved for Release: 2014/09/12 C05618308 



SECRET//NOFORN//MR 
CI and Terrorism 



continues to do against the Rus- 
sian SVR, the Chinese Ministry 
of State Security, and other intel- 
ligence services hostile to US 
interests. One of the primary 
tasks of CI is gaining a thorough 
knowledge of an adversary's 
intelligence service — its capabili- 
ties, organization, modus oper- 
andi, personalities, and use of 
cover. Such comprehensive 
knowledge can enable defensive 
measures to disrupt terrorist 
intelligence collection, but its pri- 
mary goal is offensive counterin- 
telligence: the recruitment of 
spies within the ranks of adver- 
sary intelligence-like organiza- 
tions. The best defense against 
enemy spies, whether from for- 
eign intelligence services or ter- 
rorist groups, has been and 
always will be the recruitment of 
our own spies in their ranks. (U) 



44 

The best defense is 
recruitment of our own 
spies in their ranks. 

55 



Exposing Terrorist Spies (U) 



(b)(1) 
(b)(3)(n) 



jjohn Walker 

Lindh, however, was of a differ- 
ent mold. Dubbed the "American 
Taliban" after his capture in 
Afghanistan, Lindh, came from 
an affluent northern California 
suburb, had no criminal record, 



6 Ibid. (S) 



Studies in Intelligence Vol. 48, No. 4 

Approved for Release: 2014/09/12 C05618308 



SECRET//NOFORN//MR 27 



Approved for Release: 201 4/09/1 2 C0561 8308 

SECRET//NOFORN//MR 
CI and Terrorism 



and carried decent academic cre- 
dentials. He had studied Arabic 
and traveled extensively in the 
Middle East, experiences that 
might have made him an attrac- 
tive candidate for US intelli- 
gence. If terrorists operate like 
intelligence services, intelligence 
officers should assume that they 
will attempt to infiltrate the 
security agencies of their main 
enemy by cultivating promising 
candidates for employment with 
backgrounds similar to Lindh's. 
(U) 



(b)(1) - 
(b)(3)(n) 



Terrorist spies within the Intelli- 
gence Community also would . 
present more imminent risks 
than Cold War spies who passed 
information on US plans, inten- 
tions, and capabilities. Once the 
Cold War spies were discovered, 
the government had time to 
adopt and implement counter- 



measures to balance the losses. 
But time is not on our side in the 
war on terrorism. Terrorist spies 
within the Intelligence Commu- 
nity could acquire information on 
gaps and vulnerabilities that 
could be used to plan attacks in 
very short order, or could even 
launch attacks from within 
against the agencies themselves. 
Our current security system was 
designed in the Cold War to pro- 
tect classified information, not 
personnel and physical infra- 
structure. Now, however, we must 
develop a system that can do 
both. (U) 



More Employees to Worry 
About (U) 

The problem of protection against 
spies from within is further com- 
plicated by the fact that 
personnel and facilities must also 
be defended from individuals 
with minimal or no clearance — 
custodial staff, cafeteria workers, 
maintenance and delivery per- 
sonnel — who have no access to 
areas with classified informa- 
tion, but could still pose a threat. 
While some government employ- 
ees still flinch at the rumble of 
jets from a nearby aircraft, the 
terrorist insider with minimal or 
no clearance could silently poi- 
son the food or water supply or 
plant a time bomb while clean- 
ing an empty office. (FOUO) 



(b)(1) 
(b)(3)(n) 



(b)(1) 
(b)(3)(n) 



28 SECRET//NOFORN//MR Studies in Intelligence Vol. 48, No. 4 



Approved for Release: 2014/09/12 C05618308 



Approved for Release: 2014/09/12 C05618308 



SECRET//NOFORN//MR 
CI and Terrorism 



Terrorist D&D borrows 
from the Soviets and 
Islamic tradition. 



55 



(b)(1) 
(b)(3)(n) 



Terrorist D&D (U) 



Terrorist groups have proven 
their ability to adopt the sophisti- 
cated D&D techniques of our 
Cold War adversaries: double 
agents reporting on the same 
threat to validate each other's 
information, passing vague yet 
enticing tidbits without details, 
and engaging in intentionally 
misleading telephone conversa- 
tions that they expect to be 
intercepted. (U) 

Terrorist D&D not only borrows 
from the Soviet bloc services but 
also is deeply rooted in Islamic 
tradition. Shiite Muslims, for 
example, practiced the concepts of 
taqiya, precautionary deception 
and dissimulation, and kitman, 
the concealment of malevolent 
intentions, against their Sunni 
enemies in the 7th century, and 
they continue to do so against 
today's adversaries. 8 One of the 
common tactics of kitman and 
taqiya involves "deceptive trian- 
gulation," — persuading one enemy 
that a jihad is directed against 
another enemy. Taqiya is 
regarded as a virtue and a reli- 
gious duty, a "holy hypocrisy" that 
justified lies and subterfuge in 
defense of the faith. Current 
attempts by double agents to 
plant bogus information about 
planned attacks draw from this 
ancient practice. (U) 



(b)(1) 
(b)(3)(n) 



9 "Taqiya and Kitman: The Role of Deception in 
Islamic Terrorism," <www.CI-CE-CT.com>, 2 
December 2002. (U) 



Studies in Intelligence Vol. 48, No. 4 

Approved for Release: 2014/09/12 C05618308 



SECRET//NOFORN//MR 29 



Approved for Release: 201 4/09/1 2 C0561 8308 
SECRET//NOFORN//MR 
CI and Terrorism 



(b)(1) 
(b)(3)(n) 



(b)(1) 
(b)(3)(n) 



Caveats (U) 



30 SECRET//NOFORN//MR 



Approved for Release: 2014/09/12 C05618308 



Studies in Intelligence Vol. 48, No. 4 



Approved for Release: 2014/09/12 C05618308 



SECRET//NOFORN//MR 
CI and Terrorism 



Counterterrorism entails rapid 
turnover of agents, fast-paced 
operations, quick reactions, and 
tactical moves to exploit action- 
able intelligence in order to 
counter imminent threats. Coun- 
terintelligence, on the other 
hand, inherently involves long 
and patient study, painstaking 
review, and correlation of details 
to gradually illuminate the shad- 
ows around its targets. It is the 
difference between a quick game 
on a pinball machine and an 
elaborate jigsaw puzzle. (U) 



Intelligence is now 
vital to a host of non- 
— i traditional users. 



55 



Sharing Intelligence Down 
the Line (U) 

One of the most dramatic devel- 
opments after September 11 was 
the recognition that intelligence 
information needs to be shared 
among a vast number of consum- 
ers to prevent future terrorist 
attacks. Intelligence previously 
disseminated to a handful of top 
policymakers is now vital for a 
host of non-traditional users in 
the counterterrorist arena, par- 
ticularly the Department of 
Homeland Security (DHS) agen- 
cies and state and local law 
enforcement that had never 
required such access in the past. 
(U) 



The budding alliance between 
intelligence and law enforce- 
ment is still an uneasy one. As' 
former CIA General Counsel 
Jeffrey Smith wryly noted, "It's 
like putting diplomacy in the 
War Department." 10 Intelli- 
gence collects secrets, informs 
policymakers, and warns of 
threats; law enforcement 
catches criminals and tries 
them in public. In the countert- 
errorist arena, these 
distinctions are now blurred by 
the need to share intelligence 
with law enforcement and the 
need for law enforcement to act 
on that intelligence. (U) 

Expanding the number and type 
of recipients of intelligence inevi- 
tably increases the risk of leaks 
of classified information. Such 
compromises can be costly, jeop- 
ardizing the security of agents 
operating in the most unforgiv- 
ing environments, shutting down 
technical collection operations, 
tipping off terrorists to our capa- 
bilities, and perhaps driving 
them toward new plans and tar- 
gets. (U) 

Leaks of counterterrorist intelli- 
gence can also damage one of our 
most critical assets in the coun- 
terterrorist campaign: 
cooperation with foreign liaison 
services. The transnational activ- 
ities and compartmented nature 
of terrorist groups require in- 
depth knowledge of foreign envi- 
ronments and cross-border 



10 Jeffrey Smith, quoted by Ralph Blumenthal, 
"Warof Secrets," New York Times, 8 September 
2002: 16. (U) 



Studies in Intelligence Vol, 48, No. 4 



SECRET7/NOFORN//MR 31 



Approved for Release: 2014/09/12 C05618308 



Approved for Release: 2014/09/12 C05618308 
SECRET//NOFORN//MR 
CI and Terrorism 



cooperation that unilateral 
efforts alone cannot provide. The 
United States cannot promote 
liaison cooperation, however, 
without ensuring that counterin- 
telligence concerns are 
addressed /(U) 

Unfortunately, our record in pro- 
tecting liaison information and 
sources has been flawed on occa- 
sion. As a result, some foreign 
governments and their intelli- 
gence services deliberately 
withhold information from us out 
of concern for leaks in the US 
media. Other governments coop- 
erate with us only behind the 
scenes because of domestic politi- 
cal considerations and the 
absence of good counterintelli- 
gence in handling their 
information could abruptly halt 
this discreet flow of information. 
(U) 

Counterintelligence alone will 
not eliminate the probability of 
some compromises of counterter- 
rorist information. We have 
never avoided compromises in 
other areas, and we face a far 
more daunting challenge in coun- 
terterrorism considering the 
volumes of information and 
increased numbers of consumers. 
Nor will counterintelligence 
resolve the inherent contradic- 
tion between expanded 
intelligence sharing and compart- 
mentation of sources and 
methods. CI can, however, help 
establish mechanisms to achieve 
some balance between the two. 
(U) 

CIA and the FBI have developed 
special controls to disseminate 



32 SECRET//NOFORN//MR 



Leaks can damage 
critical cooperation 
with foreign liaison 
services. 

55 



sensitive counterespionage infor- 
mation to appropriate consumers 
without jeopardizing penetra- 
tions of our most hostile and 
vigilant adversaries. Counterin- 
telligence can now assist other 
counter-terrorist programs in 
developing similar controls bal- 
ancing the "need-to-know" 
principle with the requirement 
for increased dissemination. 
Counterintelligence also devel- 
ops strategies to mitigate the 
damage from intelligence com- 
promises once they occur to 
enable crucial decisions on the 
continued use of particular 
sources and methods. Finally, 
counterintelligence conducts 
damage assessments after com- 
promises and produces "lessons 
learned" studies to enable neces- 
sary adjustments that may 
prevent similar losses in the 
future. (U) 

Counterintelligence training can 
also help to familiarize new con- 
sumers with the proper proce- 
dures for handling intelligence. 
The Department of Homeland 
Security has established a coun- 
terintelligence office of its own 
and set among its main tasks a 
counterintelligence awareness 
program for its constituent agen- 
cies and state and local law 
enforcement officials. CIC 
already manages an extensive 
CIA training program open to 



Intelligence Community mem- 
bers that focuses on counterintel- 
ligence awareness. To the extent 
resources permit, CIA as well as 
other agencies sponsoring simi- 
lar training should collaborate 
with DHS to develop and imple- 
ment tailored counterintelli- 
gence awareness training for 
state and local officials who are 
granted access to intelligence 
information. All efforts to ensure 
that the expanded pool of recipi- 
ents handles sensitive material 
carefully are steps in the right 
direction. Any leak averted as a 
result may be a source protected 
or, perhaps, a terrorist attack 
prevented. (U) 

Next Steps (U) 

While many of the comments 
above apply to CIA's two core 
missions of operations and analy- 
sis, the integration of counterin- 
telligence practices throughout 
the Intelligence Community 
could enhance overall US intelli- 
gence collection and analysis on 
terrorism. Some have argued 
that Intelligence Community 
reorganization is required to 
integrate the two disciplines. 
Gen. Odom has advocated a new 
"National Counterintelligence 
Service" to manage counterter- 
rorism and counterintelligence. 11 
The retired intelligence profes- 
sionals cited in The Economist 
article proposed a new organiza- 
tion within the FBI incorporat- 
ing counterintelligence and 



11 William Odom, Testimony to the US Senate 
Governmental Affairs Committee, 2 1 June 2002. 
<U) 



Studies in Intelligence Vol. 48, No. 4 



Approved for Release: 2014/09/12 C05618308 



Approved for Release: 2014/09/12 C05618308 



SECRET//NOFORN//MR 
CI and Terrorism 



counter-terrorism and subordi- 
nate to the DCI — somewhat simi- 
lar to the National (by*] ) 
Reconnaissance Office's joint )hO^V 
relationship with the Depart- ( D )wH n ) 
ment of Defense and the DCI. 12 
(U) 



Discussion of broad Intelligence 
Community reorganization goes 
beyond the scope of this article. 
While debate proceeds about 
reorganization, however, valu- 
able time is lost as terrorists plan 
more attacks. Counterintelli- 
gence operational, analytic, and 
investigative capabilities already 
exist and are well-developed in 
key national security agencies. 
The issue is marrying these capa- 
bilities more closely with 
counterterrorist efforts and 
ensuring that counterintelli- 
gence professionals and their 
tools — their knowledge of intelli- 
gence service modi operandi, 
agent validation procedures, 
D&D analysis, and compartmen- 
tation mechanisms — are fully 
integrated into counterterrorist 
components of the IC. (U) 



12 Bryant, et. al., The Economist, 10 July 2003: 4. 
(U) 



Studies in Intelligence Vol. 48, No. 4 

Approved for Release: 2014/09/12 C05618308 



SECRET//NOFORN//MR 33 



Approved for Release: 2014/09/12 C05618308 
SECRET//NOFORN//MR 
CI and Terrorism 



In Conclusion (U) 

CIA and other US intelligence 
agencies were established by law 
for the primary purpose of col- 
lecting intelligence to protect 
national security, not to catch 
spies and conduct counterintelli- 
gence activities. But we cannot 
ensure that our intelligence is 
complete, accurate, and pro- 
tected unless it is supported by 
solid counterintelligence prac- 
tices. Counterintelligence, 



U 

Counterintelligence 
must impose itself now. 

55 



sometimes described as the 
"skunk at the party," is often 
resisted by intelligence officers 
troubled by its innately mistrust- 
ful and skeptical approach. As 
former Chief of CIC Jim Olson 
has remarked: "There's a natural 
human tendency on the part of 
both case officers and senior 



operations managers to resist 
outside scrutiny . . . when neces- 
sary, a CI service has to impose 
itself on organizations and 
groups it is assigned to pro- 
tect." 14 Considering the high 
stakes in the war on terrorism, it 
is time for counterintelligence to 
impose itself now. (U) 



14 James Olson, "The Ten Commandments of 
Counterintelligence," Studies in Intelligence 45, 
no. 3, 2001: 57-58. (U) 



34 SECRET//NOFORN//MR 



Approved for Release: 2014/09/12 C05618308 



Studies in Intelligence Vol. 48, No. 4 



